RHEL 7 : Red Hat Satellite 6.1.1 on RHEL 7 (Important) (RHSA-2015:1591)

critical Nessus Plugin ID 85715

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1591 advisory.

Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool.
It performs provisioning and configuration management of predefined standard operating environments.

This update provides Satellite 6.1 packages for Red Hat Enterprise Linux 7.
For the full list of new features provided by Satellite 6.1, see the Release Notes linked to in the References section. (BZ#1201357)

It was discovered that in Foreman the edit_users permissions (for example, granted to the Manager role) allowed the user to edit admin user passwords.
An attacker with the edit_users permissions could use this flaw to access an admin user account, leading to an escalation of privileges.
(CVE-2015-3235)

It was found that Foreman did not set the HttpOnly flag on session cookies.
This could allow a malicious script to access the session cookie.
(CVE-2015-3155)

It was found that when making an SSL connection to an LDAP authentication source in Foreman, the remote server certificate was accepted without any verification against known certificate authorities, potentially making TLS connections vulnerable to man-in-the-middle attacks. (CVE-2015-1816)

A flaw was found in the way Foreman authorized user actions on resources via the API when an organization was not explicitly set. A remote attacker could use this flaw to obtain additional information about resources they were not authorized to access. (CVE-2015-1844)

A cross-site scripting (XSS) flaw was found in Foreman's template preview screen. A remote attacker could use this flaw to perform cross-site scripting attacks by tricking a user into viewing a malicious template.
Note that templates are commonly shared among users. (CVE-2014-3653)

It was found that python-oauth2 did not properly verify the nonce of a signed URL. An attacker able to capture network traffic of a website using OAuth2 authentication could use this flaw to conduct replay attacks against that website. (CVE-2013-4346)

It was found that python-oauth2 did not properly generate random values for use in nonces. An attacker able to capture network traffic of a website using OAuth2 authentication could use this flaw to conduct replay attacks against that website. (CVE-2013-4347)

Red Hat would like to thank Rufus Järnefelt of Coresec for reporting the Foreman HttpOnly issue.

All users who require Satellite 6.1 are advised to install these new packages.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
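
The two python-oauth2 items in the description (CVE-2013-4346 and CVE-2013-4347) concern nonce verification and nonce generation. The following is an added illustration, not code from python-oauth2, Red Hat or Tenable, of a server-side check that rejects a replayed signed request and a nonce generator backed by the OS CSPRNG. The HMAC-SHA256 signing scheme, the 300-second window, the in-memory nonce store, the URL and all names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

MAX_SKEW = 300  # assumed policy: seconds a signed request stays acceptable


def make_nonce() -> str:
    """Unpredictable nonce from the OS CSPRNG (never the `random` module)."""
    return secrets.token_urlsafe(16)  # 128 bits of entropy


def sign(key: bytes, method: str, url: str, timestamp: int, nonce: str) -> str:
    """HMAC-SHA256 over every field, so nonce and timestamp cannot be swapped."""
    msg = "\n".join([method.upper(), url, str(timestamp), nonce]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ReplayGuard:
    """Accept a request only if it is correctly signed, fresh, and not seen before."""

    def __init__(self, key: bytes, max_skew: int = MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self._seen = {}  # nonce -> last second at which its timestamp is still valid

    def verify(self, method, url, timestamp, nonce, signature, now=None) -> str:
        now = int(time.time()) if now is None else now
        expected = sign(self.key, method, url, timestamp, nonce)
        if not hmac.compare_digest(expected, signature):
            return "bad-signature"
        if abs(now - timestamp) > self.max_skew:
            return "stale"
        # Forget nonces only once their timestamp would be rejected as stale anyway,
        # so there is no gap in which a captured request becomes acceptable again.
        self._seen = {n: exp for n, exp in self._seen.items() if exp >= now}
        if nonce in self._seen:
            return "replay"
        self._seen[nonce] = timestamp + self.max_skew
        return "ok"


def demo():
    """Constructed request run through the guard four ways."""
    key = b"constructed-demo-key"
    url = "https://app.example.test/resource"  # constructed URL
    t0 = 1_700_000_000                          # constructed clock value
    guard = ReplayGuard(key)
    nonce = make_nonce()
    sig = sign(key, "GET", url, t0, nonce)
    return [
        guard.verify("GET", url, t0, nonce, sig, now=t0 + 1),         # first delivery
        guard.verify("GET", url, t0, nonce, sig, now=t0 + 5),         # same request resent
        guard.verify("GET", url, t0, nonce, sig, now=t0 + 10_000),    # resent much later
        guard.verify("GET", url, t0, make_nonce(), sig, now=t0 + 1),  # nonce swapped
    ]


if __name__ == "__main__":
    print(demo())
```

A deployment with more than one server process would need a shared nonce store in place of the in-memory dictionary.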

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?07fa4b23

http://www.nessus.org/u?72d2f26c

https://access.redhat.com/errata/RHSA-2015:1591

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=1007746

https://bugzilla.redhat.com/show_bug.cgi?id=1007758

https://bugzilla.redhat.com/show_bug.cgi?id=1145398

https://bugzilla.redhat.com/show_bug.cgi?id=1201357

https://bugzilla.redhat.com/show_bug.cgi?id=1207589

https://bugzilla.redhat.com/show_bug.cgi?id=1208602

https://bugzilla.redhat.com/show_bug.cgi?id=1216035

https://bugzilla.redhat.com/show_bug.cgi?id=1232366

Plugin Details

Severity: Critical

ID: 85715

File Name: redhat-RHSA-2015-1591.nasl

Version: 2.10

Type: local

Agent: unix

Published: 9/1/2015

Updated: 11/4/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2015-3235

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2009-3555

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/12/2015

Vulnerability Publication Date: 5/20/2014

Reference Information

CVE: CVE-2009-3555, CVE-2013-4346, CVE-2013-4347, CVE-2014-3653, CVE-2015-1816, CVE-2015-1844, CVE-2015-3155, CVE-2015-3235

CWE: 201, 266, 295, 300, 338, 347, 79

RHSA: 2015:1591